datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java

   1 /*******************************************************************************
   2  * ============LICENSE_START==================================================
   3  * * org.onap.dmaap
   4  * * ===========================================================================
   5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
   6  * * ===========================================================================
   7  * * Licensed under the Apache License, Version 2.0 (the "License");
   8  * * you may not use this file except in compliance with the License.
   9  * * You may obtain a copy of the License at
  10  * *
  11  *  *      http://www.apache.org/licenses/LICENSE-2.0
  12  * *
  13  *  * Unless required by applicable law or agreed to in writing, software
  14  * * distributed under the License is distributed on an "AS IS" BASIS,
  15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * * See the License for the specific language governing permissions and
  17  * * limitations under the License.
  18  * * ============LICENSE_END====================================================
  19  * *
  20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
  21  * *
  22  ******************************************************************************/
  23
  24
  25 package org.onap.dmaap.datarouter.provisioning;
  26
  27 import com.att.eelf.configuration.EELFLogger;
  28 import com.att.eelf.configuration.EELFManager;
  29 import org.json.JSONObject;
  30 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
  31 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
  32 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
  33 import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;
  34 import org.onap.dmaap.datarouter.provisioning.utils.JSONUtilities;
  35
  36 import javax.servlet.http.HttpServletRequest;
  37 import javax.servlet.http.HttpServletResponse;
  38 import java.io.IOException;
  39 import java.io.InvalidObjectException;
  40 import java.util.List;
  41
  42 import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.sendResponseError;
  43
  44 /**
  45  * This servlet handles provisioning for the &lt;drFeedsURL&gt; which is the URL on the provisioning server used to
  46  * create new feeds.  It supports POST to create new feeds, and GET to support the Feeds Collection Query function.
  47  *
  48  * @author Robert Eby
  49  * @version $Id$
  50  */
  51 @SuppressWarnings("serial")
  52 public class DRFeedsServlet extends ProxyServlet {
  53
  54     //Adding EELF Logger Rally:US664892
  55     private static EELFLogger eelflogger = EELFManager.getInstance()
  56             .getLogger(DRFeedsServlet.class);
  57
  58     /**
  59      * DELETE on the &lt;drFeedsURL&gt; -- not supported.
  60      */
  61     @Override
  62     public void doDelete(HttpServletRequest req, HttpServletResponse resp) {
  63         setIpFqdnRequestIDandInvocationIDForEelf("doDelete", req);
  64         eelflogger.info(EelfMsgs.ENTRY);
  65         try {
  66             eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
  67             String message = "DELETE not allowed for the drFeedsURL.";
  68             EventLogRecord elr = new EventLogRecord(req);
  69             elr.setMessage(message);
  70             elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
  71             eventlogger.info(elr);
  72             sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);
  73         } finally {
  74             eelflogger.info(EelfMsgs.EXIT);
  75         }
  76     }
  77
  78     /**
  79      * GET on the &lt;drFeedsURL&gt; -- query the list of feeds already existing in the DB. See the <i>Feeds Collection
  80      * Queries</i> section in the <b>Provisioning API</b> document for details on how this method should be invoked.
  81      */
  82     @Override
  83     public void doGet(HttpServletRequest req, HttpServletResponse resp) {
  84         setIpFqdnRequestIDandInvocationIDForEelf("doGet", req);
  85         eelflogger.info(EelfMsgs.ENTRY);
  86         try {
  87             eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
  88             EventLogRecord elr = new EventLogRecord(req);
  89             String message = isAuthorizedForProvisioning(req);
  90             if (message != null) {
  91                 elr.setMessage(message);
  92                 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
  93                 eventlogger.info(elr);
  94                 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
  95                 return;
  96             }
  97             if (isProxyServer()) {
  98                 super.doGet(req, resp);
  99                 return;
 100             }
 101             String bhdr = req.getHeader(BEHALF_HEADER);
 102             if (bhdr == null) {
 103                 message = "Missing " + BEHALF_HEADER + " header.";
 104                 elr.setMessage(message);
 105                 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
 106                 eventlogger.info(elr);
 107                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
 108                 return;
 109             }
 110             // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?)
 111             String path = req.getRequestURI();
 112             if (path != null && !path.equals("/")) {
 113                 message = "Bad URL.";
 114                 elr.setMessage(message);
 115                 elr.setResult(HttpServletResponse.SC_NOT_FOUND);
 116                 eventlogger.info(elr);
 117                 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
 118                 return;
 119             }
 120             // Check with the Authorizer
 121             AuthorizationResponse aresp = authz.decide(req);
 122             if (!aresp.isAuthorized()) {
 123                 message = "Policy Engine disallows access.";
 124                 elr.setMessage(message);
 125                 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
 126                 eventlogger.info(elr);
 127                 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
 128                 return;
 129             }
 130
 131             String name = req.getParameter("name");
 132             String vers = req.getParameter("version");
 133             String publ = req.getParameter("publisher");
 134             String subs = req.getParameter("subscriber");
 135             if (name != null && vers != null) {
 136                 // Display a specific feed
 137                 Feed feed = Feed.getFeedByNameVersion(name, vers);
 138                 if (feed == null || feed.isDeleted()) {
 139                     message = "This feed does not exist in the database.";
 140                     elr.setMessage(message);
 141                     elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
 142                     eventlogger.info(elr);
 143                     sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
 144                 } else {
 145                     // send response
 146                     elr.setResult(HttpServletResponse.SC_OK);
 147                     eventlogger.info(elr);
 148                     resp.setStatus(HttpServletResponse.SC_OK);
 149                     resp.setContentType(FEEDFULL_CONTENT_TYPE);
 150                     try {
 151                         resp.getOutputStream().print(feed.asJSONObject(true).toString());
 152                     } catch (IOException ioe) {
 153                         eventlogger.error("IOException" + ioe.getMessage());
 154                     }
 155                 }
 156             } else {
 157                 // Display a list of URLs
 158                 List<String> list = null;
 159                 if (name != null) {
 160                     list = Feed.getFilteredFeedUrlList("name", name);
 161                 } else if (publ != null) {
 162                     list = Feed.getFilteredFeedUrlList("publ", publ);
 163                 } else if (subs != null) {
 164                     list = Feed.getFilteredFeedUrlList("subs", subs);
 165                 } else {
 166                     list = Feed.getFilteredFeedUrlList("all", null);
 167                 }
 168                 String t = JSONUtilities.createJSONArray(list);
 169                 // send response
 170                 elr.setResult(HttpServletResponse.SC_OK);
 171                 eventlogger.info(elr);
 172                 resp.setStatus(HttpServletResponse.SC_OK);
 173                 resp.setContentType(FEEDLIST_CONTENT_TYPE);
 174                 try {
 175                     resp.getOutputStream().print(t);
 176                 } catch (IOException ioe) {
 177                     eventlogger.error("IOException" + ioe.getMessage());
 178                 }
 179             }
 180         } finally {
 181             eelflogger.info(EelfMsgs.EXIT);
 182         }
 183     }
 184
 185     /**
 186      * PUT on the &lt;drFeedsURL&gt; -- not supported.
 187      */
 188     @Override
 189     public void doPut(HttpServletRequest req, HttpServletResponse resp) {
 190         setIpFqdnRequestIDandInvocationIDForEelf("doPut", req);
 191         eelflogger.info(EelfMsgs.ENTRY);
 192         try {
 193             eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF_AND_FEEDID, req.getHeader(BEHALF_HEADER), getIdFromPath(req) + "");
 194             String message = "PUT not allowed for the drFeedsURL.";
 195             EventLogRecord elr = new EventLogRecord(req);
 196             elr.setMessage(message);
 197             elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
 198             eventlogger.info(elr);
 199             sendResponseError(resp, HttpServletResponse.SC_METHOD_NOT_ALLOWED, message, eventlogger);
 200         } finally {
 201             eelflogger.info(EelfMsgs.EXIT);
 202         }
 203     }
 204
 205     /**
 206      * POST on the &lt;drFeedsURL&gt; -- create a new feed. See the <i>Creating a Feed</i> section in the
 207      * <b>Provisioning API</b> document for details on how this method should be invoked.
 208      */
 209     @Override
 210     public void doPost(HttpServletRequest req, HttpServletResponse resp) {
 211         setIpFqdnRequestIDandInvocationIDForEelf("doPost", req);
 212         eelflogger.info(EelfMsgs.ENTRY);
 213         try {
 214             eelflogger.info(EelfMsgs.MESSAGE_WITH_BEHALF, req.getHeader(BEHALF_HEADER));
 215             EventLogRecord elr = new EventLogRecord(req);
 216             String message = isAuthorizedForProvisioning(req);
 217             if (message != null) {
 218                 elr.setMessage(message);
 219                 elr.setResult(HttpServletResponse.SC_FORBIDDEN);
 220                 eventlogger.info(elr);
 221                 sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
 222                 return;
 223             }
 224             if (isProxyServer()) {
 225                 super.doPost(req, resp);
 226                 return;
 227             }
 228             String bhdr = req.getHeader(BEHALF_HEADER);
 229             if (bhdr == null) {
 230                 message = "Missing " + BEHALF_HEADER + " header.";
 231                 elr.setMessage(message);
 232                 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
 233                 eventlogger.info(elr);
 234                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
 235                 return;
 236             }
 237             // Note: I think this should be getPathInfo(), but that doesn't work (Jetty bug?)
 238             String path = req.getRequestURI();
 239             if (path != null && !path.equals("/")) {
 240                 message = "Bad URL.";
 241                 elr.setMessage(message);
 242                 elr.setResult(HttpServletResponse.SC_NOT_FOUND);
 243                 eventlogger.info(elr);
 244                 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);
 245                 return;
 246             }
 247             // check content type is FEED_CONTENT_TYPE, version 1.0
 248             ContentHeader ch = getContentHeader(req);
 249             String ver = ch.getAttribute("version");
 250             if (!ch.getType().equals(FEED_BASECONTENT_TYPE) || !(ver.equals("1.0") || ver.equals("2.0"))) {
 251                 message = "Incorrect content-type";
 252                 elr.setMessage(message);
 253                 elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
 254                 eventlogger.info(elr);
 255                 sendResponseError(resp, HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE, message, eventlogger);
 256                 return;
 257             }
 258             JSONObject jo = getJSONfromInput(req);
 259             if (jo == null) {
 260                 message = "Badly formed JSON";
 261                 elr.setMessage(message);
 262                 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
 263                 eventlogger.info(elr);
 264                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
 265                 return;
 266             }
 267             if (intlogger.isDebugEnabled()) {
 268                 intlogger.debug(jo.toString());
 269             }
 270             if (++activeFeeds > maxFeeds) {
 271                 activeFeeds--;
 272                 message = "Cannot create feed; the maximum number of feeds has been configured.";
 273                 elr.setMessage(message);
 274                 elr.setResult(HttpServletResponse.SC_CONFLICT);
 275                 eventlogger.info(elr);
 276                 sendResponseError(resp, HttpServletResponse.SC_CONFLICT, message, eventlogger);
 277                 return;
 278             }
 279             Feed feed;
 280             try {
 281                 feed = new Feed(jo);
 282             } catch (InvalidObjectException e) {
 283                 message = e.getMessage();
 284                 elr.setMessage(message);
 285                 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
 286                 eventlogger.info(elr);
 287                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
 288                 return;
 289             }
 290
 291             /*
 292              * START - AAF changes
 293              * TDP EPIC US# 307413
 294              * CADI code - No legacy user check as all new users will be AAF users
 295              */
 296             String aafInstance = feed.getAafInstance();
 297             if (Boolean.parseBoolean(isCadiEnabled)) {
 298                 if ((aafInstance == null || aafInstance.equals("") || (aafInstance.equalsIgnoreCase("legacy")) && req.getHeader(EXCLUDE_AAF_HEADER).equalsIgnoreCase("true"))) {
 299                     // Check with the Authorizer
 300                     AuthorizationResponse aresp = authz.decide(req);
 301                     if (!aresp.isAuthorized()) {
 302                         message = "Policy Engine disallows access.";
 303                         elr.setMessage(message);
 304                         elr.setResult(HttpServletResponse.SC_FORBIDDEN);
 305                         eventlogger.info(elr);
 306                         sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
 307                         return;
 308                     }
 309                 } else {
 310                     if (req.getHeader(EXCLUDE_AAF_HEADER).equalsIgnoreCase("true")) {
 311                         message = "DRFeedsServlet.doPost() -Invalid request exclude_AAF should not be true if passing AAF_Instance value= " + aafInstance;
 312                         elr.setMessage(message);
 313                         elr.setResult(HttpServletResponse.SC_FORBIDDEN);
 314                         eventlogger.info(elr);
 315                         sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
 316                         return;
 317                     }
 318                     String permission = getFeedPermission(aafInstance, BaseServlet.CREATE_PERMISSION);
 319                     eventlogger.info("DRFeedsServlet.doPost().. Permission String - " + permission);
 320                     if (!req.isUserInRole(permission)) {
 321                         message = "AAF disallows access to permission - " + permission;
 322                         elr.setMessage(message);
 323                         elr.setResult(HttpServletResponse.SC_FORBIDDEN);
 324                         eventlogger.info(elr);
 325                         sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
 326                         return;
 327                     }
 328                 }
 329             } else {
 330                 AuthorizationResponse aresp = authz.decide(req);
 331                 if (!aresp.isAuthorized()) {
 332                     message = "Policy Engine disallows access.";
 333                     elr.setMessage(message);
 334                     elr.setResult(HttpServletResponse.SC_FORBIDDEN);
 335                     eventlogger.info(elr);
 336                     sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
 337                     return;
 338                 }
 339             }
 340             /*
 341              * END - AAF changes
 342              */
 343
 344             feed.setPublisher(bhdr);    // set from X-DMAAP-DR-ON-BEHALF-OF header
 345
 346             // Check if this feed already exists
 347             Feed feed2 = Feed.getFeedByNameVersion(feed.getName(), feed.getVersion());
 348             if (feed2 != null) {
 349                 message = "This feed already exists in the database.";
 350                 elr.setMessage(message);
 351                 elr.setResult(HttpServletResponse.SC_BAD_REQUEST);
 352                 eventlogger.info(elr);
 353                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
 354                 return;
 355             }
 356
 357             // Create FEED table entries
 358             if (doInsert(feed)) {
 359                 // send response
 360                 elr.setResult(HttpServletResponse.SC_CREATED);
 361                 eventlogger.info(elr);
 362                 resp.setStatus(HttpServletResponse.SC_CREATED);
 363                 resp.setContentType(FEEDFULL_CONTENT_TYPE);
 364                 resp.setHeader("Location", feed.getLinks().getSelf());
 365                 try {
 366                     resp.getOutputStream().print(feed.asLimitedJSONObject().toString());
 367                 } catch (IOException ioe) {
 368                     eventlogger.error("IOException" + ioe.getMessage());
 369                 }
 370                 provisioningDataChanged();
 371             } else {
 372                 // Something went wrong with the INSERT
 373                 elr.setResult(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 374                 eventlogger.info(elr);
 375                 sendResponseError(resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, DB_PROBLEM_MSG, eventlogger);
 376             }
 377         } finally {
 378             eelflogger.info(EelfMsgs.EXIT);
 379         }
 380     }
 381 }